JP2014518582A - Computer device having DLL injection function and DLL injection method - Google Patents

Computer device having DLL injection function and DLL injection method

Info

Publication number
JP2014518582A
Authority
JP
Japan
Prior art keywords
target process
dll
target
injection
authority
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
JP2014508278A
Other languages
English (en)
Japanese (ja)
Other versions
JP2014518582A5 (fr
Inventor
リ,ジョン−イル
リ,ナム−ス
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fasoo com Co Ltd
Original Assignee
Fasoo com Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fasoo com Co Ltd
Publication of JP2014518582A
Publication of JP2014518582A5

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44521 Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/451 Execution arrangements for user interfaces

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Mathematical Physics (AREA)
  • Human Computer Interaction (AREA)
  • Stored Programmes (AREA)
JP2014508278A 2011-04-28 2012-03-12 Computer device having DLL injection function and DLL injection method Pending JP2014518582A (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
KR1020110039901A KR101242127B1 (ko) 2011-04-28 2011-04-28 Computing device having DLL injection function and DLL injection method
KR10-2011-0039901 2011-04-28
PCT/KR2012/001775 WO2012148080A2 (fr) 2011-04-28 2012-03-12 Computing device with DLL injection function, and DLL injection method

Publications (2)

Publication Number Publication Date
JP2014518582A (ja) 2014-07-31
JP2014518582A5 (fr) 2015-04-23

Family

ID=47072842

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2014508278A Pending JP2014518582A (ja) 2011-04-28 2012-03-12 Computer device having DLL injection function and DLL injection method

Country Status (5)

Country Link
US (1) US8875165B2 (fr)
EP (1) EP2704004B1 (fr)
JP (1) JP2014518582A (fr)
KR (1) KR101242127B1 (fr)
WO (1) WO2012148080A2 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2019079289A (ja) * 2017-10-25 2019-05-23 システムインテリジェント株式会社 Information leakage prevention device and information leakage prevention program
JP2021521563A (ja) * 2018-05-22 2021-08-26 ノートンライフロック インコーポレイテッド Systems and methods for controlling application launch based on security policy

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109684824B (zh) * 2014-12-29 2021-09-03 北京奇虎科技有限公司 Method and device for configuring process permissions
US10083296B2 (en) * 2015-06-27 2018-09-25 Mcafee, Llc Detection of malicious thread suspension
CN106095482A (zh) * 2016-05-31 2016-11-09 宇龙计算机通信科技(深圳)有限公司 Method and device for freezing an application
US10235161B2 (en) * 2017-02-06 2019-03-19 American Megatrends, Inc. Techniques of adding security patches to embedded systems
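KR102146882B1 (ko) 2018-11-12 2020-08-21 주식회사 안랩 Message monitoring apparatus and method
CN111198723B (zh) * 2018-11-19 2023-03-07 深圳市优必选科技有限公司 Process injection method, terminal device and computer-readable storage medium
KR101958933B1 (ko) * 2018-12-18 2019-03-18 주식회사 웨어밸리 Method and apparatus for collecting information in a database through socket injection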
US11170126B2 (en) 2019-01-03 2021-11-09 Citrix Systems, Inc. Policy based notification protection service in workspace
US11307910B2 (en) * 2019-06-10 2022-04-19 Citrix Systems, Inc. Notification tagging for a workspace or application
CN111338922B (zh) * 2020-03-02 2023-04-11 武汉思普崚技术有限公司 Method and device for detecting DLL failure
CN111475229B (zh) * 2020-04-09 2021-01-15 广州锦行网络科技有限公司 DLL injection method and *** on the Windows platform
US11681520B2 (en) 2021-04-20 2023-06-20 International Business Machines Corporation Software upgrading using dynamic link library injection

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6141698A (en) * 1997-01-29 2000-10-31 Network Commerce Inc. Method and system for injecting new code into existing application code
US7039919B1 (en) * 1998-10-02 2006-05-02 Microsoft Corporation Tools and techniques for instrumenting interfaces of units of a software program
US6463583B1 (en) 1999-04-08 2002-10-08 Novadigm, Inc. Dynamic injection of execution logic into main dynamic link library function of the original kernel of a windowed operating system
US8769268B2 (en) * 2007-07-20 2014-07-01 Check Point Software Technologies, Inc. System and methods providing secure workspace sessions
US8578483B2 (en) * 2008-07-31 2013-11-05 Carnegie Mellon University Systems and methods for preventing unauthorized modification of an operating system
JP2011013955A (ja) * 2009-07-02 2011-01-20 Hitachi Systems & Services Ltd Media check avoidance system
US20120167057A1 (en) * 2010-12-22 2012-06-28 Microsoft Corporation Dynamic instrumentation of software code

Non-Patent Citations (11)

* Cited by examiner, † Cited by third party
Title
CSNB200100185001; マックルー スチュアート: クラッキング防衛大全 不正アクセス手法の傾向とその対策 第1版, 20030205, pp.131-133, 株式会社翔泳社 SHOEISHA CO.,LTD. *
CSNB200200348001; リヒター ジェフリ: プログラミング Microsoft Windows 2000 -サービスによるサーバーアプリケーショ 第1版, 20001016, pp.520-523 *
CSND201100235008; 多田 政美: '一時的セキュア空間作成による情報の二次流出防止' PROVISION 第68巻, 20110209, pp.88-95 *
CSNG200700917005; 齊藤 正隆: 'API Hookを用いたWindowsプログラムのモビリティ向上ソフトウェアの作成' 電子情報通信学会技術研究報告 Vol.106 No.327 IEICE Technical Report 第106巻/第327号, 20061027, pp.25-30, 社団法人電子情報通信学会 The Institute of Electro *
JPN6014051148; 齊藤 正隆: 'API Hookを用いたWindowsプログラムのモビリティ向上ソフトウェアの作成' 電子情報通信学会技術研究報告 Vol.106 No.327 IEICE Technical Report 第106巻/第327号, 20061027, pp.25-30, 社団法人電子情報通信学会 The Institute of Electro *
JPN6014051150; マックルー スチュアート: クラッキング防衛大全 不正アクセス手法の傾向とその対策 第1版, 20030205, pp.131-133, 株式会社翔泳社 SHOEISHA CO.,LTD. *
JPN6014051152; リヒター ジェフリ: プログラミング Microsoft Windows 2000 -サービスによるサーバーアプリケーショ 第1版, 20001016, pp.520-523 *
JPN6014051153; 多田 政美: '一時的セキュア空間作成による情報の二次流出防止' PROVISION 第68巻, 20110209, pp.88-95 *
JPN6014051154; Alex SKALETSKY: 'Dynamic program analysis of Microsoft Windows applications' Proceedings of Performance Analysis of Systems & Software (ISPASS), 2010 IEEE International Symposiu , 20100330, pp.2-12 *
JPN6015011592; Alex SKALETSKY: 'Dynamic Program Analysis of Microsoft Windows Applications' Proceedings of 2010 IEEE International Symposium on Performance Analysis of System & Software(ISPASS , 20100330, pp.2-12 *
JPN6015011594; サイツ ジャスティン: リバースエンジニアリング 第1版, 20100524, pp.123-127, 株式会社オライリー・ジャパン オライリー ティム *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2019079289A (ja) * 2017-10-25 2019-05-23 システムインテリジェント株式会社 Information leakage prevention device and information leakage prevention program
JP2021521563A (ja) * 2018-05-22 2021-08-26 ノートンライフロック インコーポレイテッド Systems and methods for controlling application launch based on security policy
JP7060714B2 (ja) 2018-05-22 2022-04-26 ノートンライフロック インコーポレイテッド Systems and methods for controlling application launch based on security policy

Also Published As

Publication number Publication date
EP2704004B1 (fr) 2016-02-03
EP2704004A2 (fr) 2014-03-05
EP2704004A4 (fr) 2014-12-17
KR20120121973A (ko) 2012-11-07
WO2012148080A2 (fr) 2012-11-01
US20140047461A1 (en) 2014-02-13
WO2012148080A3 (fr) 2013-01-03
KR101242127B1 (ko) 2013-03-12
US8875165B2 (en) 2014-10-28

Similar Documents

Publication Publication Date Title
JP2014518582A (ja) Computer device having DLL injection function and DLL injection method
US10460099B2 (en) System and method of detecting malicious code in files
KR101740224B1 (ko) Illegal mode change handling
US10083294B2 (en) Systems and methods for detecting return-oriented programming (ROP) exploits
CN102799817B (zh) *** and method for malware protection using virtualization technology
JP2018041438A5 (fr)
US9111096B2 (en) System and method for preserving and subsequently restoring emulator state
JP2014518582A5 (fr)
US20070113291A1 (en) Method for administrating the function access
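JP7228751B2 (ja) Method and apparatus for authority management, computer equipment, and storage medium
JP2014516191A (ja) System and method for monitoring virtual partitions
KR20150063417A (ko) Data processing apparatus and method for protecting data and program code from unsecure access when switching between a secure domain and a less secure domain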
US20190286820A1 (en) Apparatus and method for detecting container rootkit
US20180025158A1 (en) System and method for detecting malware in a stream of bytes
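WO2016126206A1 (fr) Code obfuscation method using return-oriented programming
CN115688092A (zh) Terminal weak control method, apparatus, electronic device and storage medium
KR101207434B1 (ko) System and method for preventing conflicts between heterogeneous digital document protection systems
CN109388948B (zh) Potential malware analysis method based on virtualization technology and related device
EP3293660A1 (fr) System and method for detecting malicious code in files
KR101653741B1 (ko) Method and apparatus for monitoring the operation of an executable program, computer program therefor, and recording medium thereof
CN116775147B (zh) Executable file processing method, apparatus, device and storage medium
JP7476140B2 (ja) Information processing device, information processing method, and program
JP6364847B2 (ja) Main memory access control device, main memory access control system, main memory access control method, and main memory access control program
CN117688551A (zh) Startup path whitelist update method, apparatus, electronic device and storage medium
CN117150487A (zh) Dynamic link library file injection detection method and device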

Legal Events

Date Code Title Description
A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20141126

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20141202

A524 Written submission of copy of amendment under section 19 (pct)

Free format text: JAPANESE INTERMEDIATE CODE: A524

Effective date: 20150227

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20150331

A02 Decision of refusal

Free format text: JAPANESE INTERMEDIATE CODE: A02

Effective date: 20150908